Hello guys! I'm trying to set up access to a PostgreSQL cluster based on Patroni via Teleport, but I've run into problems with certs.
I tried using certs generated by Teleport and also a CA and certs generated by myself.
There are 3 nodes, each with PostgreSQL, Patroni and HAProxy installed, and an HAProxy load balancer as the endpoint.
pg_hba.conf:
# Do not edit this file manually!
# It will be overwritten by Patroni!
hostssl all all ::/0 cert
hostssl all all 0.0.0.0/0 cert
local all postgres peer
local all all scram-sha-256
local all all peer
local replication all peer
host all all ::1/128 scram-sha-256
host all datamigrator 127.0.0.1/32 trust
host all all 0.0.0.0/0 scram-sha-256
host all all psql-1-test scram-sha-256
host all all psql-2-test scram-sha-256
host all all psql-3-test scram-sha-256
host replication all ::1/128 scram-sha-256
host replication all 127.0.0.1/32 scram-sha-256
host replication replicator localhost trust
host replication replicator psql-1-test scram-sha-256
host replication replicator psql-2-test scram-sha-256
host replication replicator psql-3-test scram-sha-256
I used certs from Teleport; the IP 10.0.2.75 was passed as the endpoint.
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5d:87:f7:9e:89:36:f9:3b:8f:07:37:30:4d:2b:48:f4:fa:35:d4:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = teleport.mydomain.ru, O = teleport.mydomain.ru
Validity
Not Before: Oct 9 11:18:21 2024 GMT
Not After : Oct 9 11:18:21 2025 GMT
Subject: CN = 10.0.2.75
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage:
Key Encipherment, Data Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Subject Alternative Name:
DNS:psql-1-test, DNS:psql-2-test, DNS:psql-3-test, DNS:test-loadbalancer.mydomain.ru, DNS:localhost, IP Address:10.0.2.109, IP Address:10.0.2.81, IP Address:10.0.2.87, IP Address:10.0.2.75, IP Address:127.0.0.1
X509v3 Subject Key Identifier:
CC:3A:AD:F2:47:AC:E6:BD:DB:F5:86:03:6A:29:B4:9E:AE:8E:D1:3F
X509v3 Authority Key Identifier:
56:72:B2:63:9E:DC:B1:10:FF:82:18:8E:EA:B4:4C:DF:FA:F5:40:77
Signature Algorithm: sha256WithRSAEncryption
When I try to connect to the DB via tsh, I get an error:
tsh db connect patroni-cluster-test --db-user=rvaleev --db-name=test_psql
psql: error: connection to server at "localhost" (127.0.0.1), port 39143 failed: EOF
ERROR: exit status 2
This is the log when running tsh:
tsh db connect patroni-cluster-test --db-user=rvaleev --db-name=test_psql --debug
2024-10-09T15:04:21+03:00 INFO [CLIENT] ALPN connection upgrade required for "teleport.mydomain:443": false. client/api.go:783
2024-10-09T15:04:21+03:00 INFO [CLIENT] no host login given. defaulting to ruslan client/api.go:1121
2024-10-09T15:04:21+03:00 INFO [CLIENT] [KEY AGENT] Connected to the system agent: "/run/user/1000/keyring/ssh" client/api.go:4850
2024-10-09T15:04:21+03:00 DEBU [KEYSTORE] Reading certificates from path "/home/ruslan/.tsh/keys/teleport.mydomain.ru/[email protected]/teleport.mydomain.ru-cert.pub". client/keystore.go:357
2024-10-09T15:04:21+03:00 DEBU [KEYSTORE] Teleport TLS certificate valid until "2024-10-09 16:36:45 +0000 UTC". client/client_store.go:111
2024-10-09T15:04:21+03:00 INFO [KEYAGENT] Loading SSH key for user "[email protected]" and cluster "teleport.mydomain.ru". client/keyagent.go:198
2024-10-09T15:04:21+03:00 DEBU [KEYSTORE] Reading certificates from path "/home/ruslan/.tsh/keys/teleport.mydomain.ru/[email protected]/teleport.mydomain.ru-cert.pub". client/keystore.go:357
2024-10-09T15:04:21+03:00 DEBU [KEYSTORE] Reading certificates from path "/home/ruslan/.tsh/keys/teleport.mydomain.ru/[email protected]/teleport.mydomain.ru". client/keystore.go:357
2024-10-09T15:04:21+03:00 DEBU [KEYSTORE] Teleport TLS certificate valid until "2024-10-09 16:36:45 +0000 UTC". client/client_store.go:111
2024-10-09T15:04:21+03:00 DEBU [TSH] Selected active database "patroni-cluster-test" by name common/db.go:1479
2024-10-09T15:04:21+03:00 DEBU [TSH] Listing databases with predicate (name == "patroni-cluster-test") and labels map[] common/db.go:1153
2024-10-09T15:04:21+03:00 DEBU [KEYSTORE] Teleport TLS certificate valid until "2024-10-09 16:36:45 +0000 UTC". client/client_store.go:111
2024-10-09T15:04:21+03:00 DEBU [KEYSTORE] Teleport TLS certificate valid until "2024-10-09 16:36:45 +0000 UTC". client/client_store.go:111
2024-10-09T15:04:21+03:00 INFO [CLIENT] Connecting to proxy=teleport.mydomain.ru:443 login="collection-admin" using TLS Routing client/api.go:3294
2024-10-09T15:04:21+03:00 DEBU [KEYSTORE] Teleport TLS certificate valid until "2024-10-09 16:36:45 +0000 UTC". client/client_store.go:111
2024-10-09T15:04:21+03:00 DEBU [HTTP:PROX] No proxy set in environment, returning direct dialer. proxy/proxy.go:197
2024-10-09T15:04:21+03:00 DEBU [KEYSTORE] Teleport TLS certificate valid until "2024-10-09 16:36:45 +0000 UTC". client/client_store.go:111
2024-10-09T15:04:21+03:00 DEBU [KEYAGENT] "Checking key: [email protected]\n." client/keyagent.go:370
2024-10-09T15:04:21+03:00 DEBU [KEYAGENT] Validated host teleport.mydomain.ru:443. client/keyagent.go:376
2024-10-09T15:04:21+03:00 INFO [CLIENT] Successful auth with proxy teleport.mydomain.ru:443. client/api.go:3299
2024-10-09T15:04:21+03:00 DEBU [KEYSTORE] Teleport TLS certificate valid until "2024-10-09 16:36:45 +0000 UTC". client/client_store.go:111
2024-10-09T15:04:21+03:00 DEBU [KEYSTORE] Teleport TLS certificate valid until "2024-10-09 16:36:45 +0000 UTC". client/client_store.go:111
2024-10-09T15:04:21+03:00 DEBU [KEYSTORE] Teleport TLS certificate valid until "2024-10-09 16:36:45 +0000 UTC". client/client_store.go:111
2024-10-09T15:04:21+03:00 INFO [CLIENT] Connecting to proxy=teleport.mydomain.ru:443 login="collection-admin" using TLS Routing client/api.go:3294
2024-10-09T15:04:21+03:00 DEBU [KEYSTORE] Teleport TLS certificate valid until "2024-10-09 16:36:45 +0000 UTC". client/client_store.go:111
2024-10-09T15:04:21+03:00 DEBU [HTTP:PROX] No proxy set in environment, returning direct dialer. proxy/proxy.go:197
2024-10-09T15:04:21+03:00 DEBU [KEYSTORE] Teleport TLS certificate valid until "2024-10-09 16:36:45 +0000 UTC". client/client_store.go:111
2024-10-09T15:04:21+03:00 DEBU [KEYAGENT] "Checking key: [email protected]\n." client/keyagent.go:370
2024-10-09T15:04:21+03:00 DEBU [KEYAGENT] Validated host teleport.mydomain.ru:443. client/keyagent.go:376
2024-10-09T15:04:21+03:00 INFO [CLIENT] Successful auth with proxy teleport.mydomain.ru:443. client/api.go:3299
2024-10-09T15:04:21+03:00 DEBU [KEYSTORE] Teleport TLS certificate valid until "2024-10-09 16:36:45 +0000 UTC". client/client_store.go:111
2024-10-09T15:04:22+03:00 DEBU [KEYSTORE] Teleport TLS certificate valid until "2024-10-09 16:36:45 +0000 UTC". client/client_store.go:111
2024-10-09T15:04:22+03:00 DEBU [KEYSTORE] Teleport TLS certificate valid until "2024-10-09 16:36:45 +0000 UTC". client/client_store.go:111
2024-10-09T15:04:22+03:00 INFO [CLIENT] Connecting to proxy=teleport.mydomain.ru:443 login="collection-admin" using TLS Routing client/api.go:3294
2024-10-09T15:04:22+03:00 DEBU [KEYSTORE] Teleport TLS certificate valid until "2024-10-09 16:36:45 +0000 UTC". client/client_store.go:111
2024-10-09T15:04:22+03:00 DEBU [HTTP:PROX] No proxy set in environment, returning direct dialer. proxy/proxy.go:197
2024-10-09T15:04:22+03:00 DEBU [KEYSTORE] Teleport TLS certificate valid until "2024-10-09 16:36:45 +0000 UTC". client/client_store.go:111
2024-10-09T15:04:22+03:00 DEBU [KEYAGENT] "Checking key: [email protected]\n." client/keyagent.go:370
2024-10-09T15:04:22+03:00 DEBU [KEYAGENT] Validated host teleport.mydomain.ru:443. client/keyagent.go:376
2024-10-09T15:04:22+03:00 INFO [CLIENT] Successful auth with proxy teleport.mydomain.ru:443. client/api.go:3299
2024-10-09T15:04:22+03:00 DEBU [KEYSTORE] Teleport TLS certificate valid until "2024-10-09 16:36:45 +0000 UTC". client/client_store.go:111
2024-10-09T15:04:22+03:00 DEBU [KEYSTORE] Teleport TLS certificate valid until "2024-10-09 16:36:45 +0000 UTC". client/client_store.go:111
2024-10-09T15:04:22+03:00 DEBU [TSH] Starting local proxy because: cluster teleport.mydomain.ru proxy is using TLS routing common/db.go:621
2024-10-09T15:04:22+03:00 DEBU [KEYSTORE] Reading certificates from path "/home/ruslan/.tsh/keys/teleport.mydomain.ru/[email protected]/teleport.mydomain.ru". client/keystore.go:357
2024-10-09T15:04:22+03:00 DEBU [KEYSTORE] Teleport TLS certificate valid until "2024-10-09 16:36:45 +0000 UTC". client/client_store.go:111
2024-10-09T15:04:22+03:00 DEBU [TSH] /usr/bin/psql postgres://rvaleev@localhost:35723/test_psql?sslrootcert=/home/ruslan/.tsh/keys/teleport.mydomain.ru/cas/teleport.mydomain.ru.pem&sslcert=/home/ruslan/.tsh/keys/teleport.mydomain.ru/[email protected]/teleport.mydomain.ru/patroni-cluster-test-x509.pem&sslkey=/home/ruslan/.tsh/keys/teleport.mydomain.ru/[email protected]&sslmode=verify-full common/db.go:800
2024-10-09T15:04:22+03:00 DEBU [LOCALPROX] Accepted downstream connection. alpnproxy/local_proxy.go:197
2024-10-09T15:04:22+03:00 DEBU [LOCALPROX] Using ping connection alpnproxy/local_proxy.go:243
psql: error: connection to server at "localhost" (127.0.0.1), port 35723 failed: EOF
ERROR REPORT:
Original Error: *exec.ExitError exit status 2
Stack Trace:
github.com/gravitational/teleport/lib/client/db/dbcmd/error.go:58 github.com/gravitational/teleport/lib/client/db/dbcmd.ConvertCommandError
github.com/gravitational/teleport/tool/tsh/common/db.go:813 github.com/gravitational/teleport/tool/tsh/common.onDatabaseConnect
github.com/gravitational/teleport/tool/tsh/common/tsh.go:1488 github.com/gravitational/teleport/tool/tsh/common.Run
github.com/gravitational/teleport/tool/tsh/common/tsh.go:605 github.com/gravitational/teleport/tool/tsh/common.Main
github.com/gravitational/teleport/tool/tsh/main.go:26 main.main
runtime/proc.go:271 runtime.main
runtime/asm_amd64.s:1695 runtime.goexit
User Message: exit status 2
No matter what certificates you use, you get the same error, and sometimes I got:
tsh db connect patroni-cluster-test --db-user=rvaleev --db-name=test_psql
psql: error: connection to server at "localhost" (127.0.0.1), port 45127 failed: x509: cannot validate certificate for 10.0.2.75 because it doesn't contain any IP SANs
ERROR: exit status 2